CVE-2024-3181 (GCVE-0-2024-3181)
Vulnerability from cvelistv5
Published
2024-04-03 19:09
Modified
2024-08-30 21:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Summary
Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field. Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Thanks Alexey Solovyev for reporting
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Concrete CMS | Concrete CMS |
Version: 9.0.0 Version: 5.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:34:26.267110Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:31:29.530Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."
},
{
"tags": [
"x_transferred"
],
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Concrete CMS",
"repo": "https://github.com/concretecms/concretecms",
"vendor": "Concrete CMS",
"versions": [
{
"lessThan": "9.2.8",
"status": "affected",
"version": "9.0.0",
"versionType": "git"
},
{
"lessThan": "8.5.16",
"status": "affected",
"version": "5.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexey Solovyev"
}
],
"datePublic": "2024-04-03T19:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.\u0026nbsp;Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of\u003c/span\u003e\u003cb\u003e \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L\u0026amp;version=3.1\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L\u003c/span\u003e\u003c/a\u003e\u003cspan style=\"background-color: transparent;\"\u003e.\u0026nbsp;\u003cb\u003e\u003c/b\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThanks \u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAlexey Solovyev for reporting\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.\u00a0Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .\u00a0Thanks Alexey Solovyev for reporting"
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-592 Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T21:17:27.290Z",
"orgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"shortName": "ConcreteCMS"
},
"references": [
{
"url": "https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA."
},
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA."
}
],
"source": {
"advisory": "https://hackerone.com/reports/918142",
"discovery": "EXTERNAL"
},
"title": "Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"assignerShortName": "ConcreteCMS",
"cveId": "CVE-2024-3181",
"datePublished": "2024-04-03T19:09:44.345Z",
"dateReserved": "2024-04-02T06:07:37.812Z",
"dateUpdated": "2024-08-30T21:17:27.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-3181\",\"sourceIdentifier\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"published\":\"2024-04-03T20:15:07.077\",\"lastModified\":\"2024-12-16T19:07:04.087\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.\u00a0Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code.\u00a0The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .\u00a0Thanks Alexey Solovyev for reporting\"},{\"lang\":\"es\",\"value\":\"La versi\u00f3n 9 de Concrete CMS anterior a 9.2.8 y las versiones anteriores a 8.5.16 son vulnerables a XSS Almacenado en el campo de b\u00fasqueda. Antes de la soluci\u00f3n, un administrador pod\u00eda ejecutar el XSS almacenado cambiando un filtro al que un administrador deshonesto hab\u00eda agregado previamente c\u00f3digo malicioso. El equipo de seguridad de Concrete CMS le dio a esta vulnerabilidad una puntuaci\u00f3n CVSS v3.1 de 3.1 con un vector de AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A: L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator. Gracias Alexey Solovyev por informar\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.5,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.7,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.5.16\",\"matchCriteriaId\":\"05017ACE-D194-4FCC-BA25-BB44B0B0949E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.2.8\",\"matchCriteriaId\":\"C74ED818-CCEF-437A-9127-5C479F56D39F\"}]}]}],\"references\":[{\"url\":\"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.\",\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.\",\"source\":\"ff5b8ace-8b95-4078-9743-eac1ca5451de\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:05:07.637Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3181\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-04T15:34:26.267110Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:22.018Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.\", \"source\": {\"advisory\": \"https://hackerone.com/reports/918142\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Alexey Solovyev\"}], \"impacts\": [{\"capecId\": \"CAPEC-592\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-592 Stored XSS\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/concretecms/concretecms\", \"vendor\": \"Concrete CMS\", \"product\": \"Concrete CMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.0.0\", \"lessThan\": \"9.2.8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"5.0.0\", \"lessThan\": \"8.5.16\", \"versionType\": \"git\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-04-03T19:03:00.000Z\", \"references\": [{\"url\": \"https://documentation.concretecms.org/developers/introduction/version-history/8516-release-notes?_gl=1*1oa3zn1*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY3MDcuMC4wLjA.\"}, {\"url\": \"https://documentation.concretecms.org/9-x/developers/introduction/version-history/928-release-notes?_gl=1*1bcxp5s*_ga*MTc1NDc0Njk2Mi4xNzA2ODI4MDU1*_ga_HFB3HPNNLS*MTcxMjE2NjYyNi4xMy4xLjE3MTIxNjY2ODEuMC4wLjA.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.\\u00a0Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code.\\u00a0The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator .\\u00a0Thanks Alexey Solovyev for reporting\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.\u0026nbsp;Prior to the fix, stored XSS could be executed by an administrator changing a filter to which a rogue administrator had previously added malicious code.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 3.1 with a vector of\u003c/span\u003e\u003cb\u003e \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L\u0026amp;version=3.1\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L\u003c/span\u003e\u003c/a\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e.\u0026nbsp;\u003cb\u003e\u003c/b\u003e\u003c/span\u003e\u003c/b\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThanks \u003c/span\u003e\u003c/span\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAlexey Solovyev for reporting\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"shortName\": \"ConcreteCMS\", \"dateUpdated\": \"2024-08-30T21:17:27.290Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-3181\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-30T21:17:27.290Z\", \"dateReserved\": \"2024-04-02T06:07:37.812Z\", \"assignerOrgId\": \"ff5b8ace-8b95-4078-9743-eac1ca5451de\", \"datePublished\": \"2024-04-03T19:09:44.345Z\", \"assignerShortName\": \"ConcreteCMS\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…